Retailer’s Request for Credit Cardholder’s Zip Code Violates California Law

This posting was written by William Zale, Editor of CCH Advertising Law Guide.

When a store cashier asks for the zip code of a customer making a purchase with a credit card in California, the retailer violates California’s Song-Beverly Credit Card Act, the California Supreme Court has ruled.

A Williams-Sonoma customer filed a class action complaint alleging that when she was paying for a purchase with her credit card, the cashier asked for her zip code. Believing it necessary to complete the transaction, the customer provided the requested information and the cashier recorded it.

The trial court held that the customer failed to assert a violation of the Credit Card Act or a claim for invasion of privacy under the California Constitution, and a California appellate court affirmed that decision (CCH Advertising Law Guide ¶63,658; CCH Privacy Law in Marketing ¶60,400).

The California Supreme Court granted review, but only of the Credit Card Act claim.

Request for Personal Identification Information

The Act prohibits businesses that accept credit cards as payment for goods or services from requesting, or requiring as a condition to accepting the credit card as payment, the cardholder to provide personal identification information which the business records.

The statute’s express prohibition against “requesting” personal identification information was added in a 1991 amendment to prevent a retailer from making an end-run around the law by claiming the customer furnished personal identification data voluntarily, the court noted.

“Personal identification information” is defined as “information concerning the cardholder . . . including, but not limited to, the cardholder’s address and telephone number.”

Part of an Address

The California Supreme Court held that the Act’s prohibition applies not only to a complete address but also to a component of an address, such as a zip code. Otherwise, a business could ask not just for a cardholder’s zip code, but also for the cardholder’s street and city in addition to the zip code, so long as it did not also ask for the house number. Such a construction would render the statute’s protections hollow, the court said.

A cardholder’s zip code is similar to his or her address or telephone number, in that a zip code is both unnecessary to the transaction and can be used, together with the cardholder’s name, to locate the cardholder’s full address, according to the court. The retailer can then, as alleged in this case, use the accumulated information for its own purposes or sell the information to other businesses, the court added.

The court rejected contentions by Williams-Sonoma that the statute, as construed, violated due process and was unconstitutionally vague. The decision of the appellate court was reversed and remanded for further proceedings.

The February 10 decision in Pineda v. Williams-Sonoma Stores, Inc. will be reported in CCH Advertising Law Guide and CCH Privacy Law in Marketing.